Many OT systems still rely on legacy protocols at Level 1 and below—those controlling PLCs and sensors—that were intentionally designed without authentication, encryption, or tamper-resistance. This leaves the foundational layers of industrial control networks critically exposed: any device or user with network access can issue valid commands or disrupt operations simply because the underlying architecture permits it. Efforts to improve this security base have progressed only marginally, with secure alternatives such as authenticated Modbus or secure OPC UA implemented only in a small fraction of deployments.

The article uses the metaphor of the city of Venice to illustrate this situation: above water there are visible structures—advanced detection tools, segmentation, secure remote access—but their entire weight rests on a decaying, fragile foundation. If the attacker can reach the underlying layer where these insecure protocols operate, all the higher-level protections risk being rendered ineffective. The urgency lies in reinforcing the foundational layer, yet the pace of meaningful change remains slow and sporadic, making current OT security posture increasingly precarious.

‍

Source: https://dale-peterson.com/2025/10/07/ot-is-the-venice-of-security-infrastructure/